==================================================

CREATED: WIN-POWERSHELL-SUSP-METHODS

Description

Identifies PowerShell dropping malware on a system via weaponized Office documents.

ATT&CK Technique T1059

==================================================

CREATED: WIN-POSH-POSSIBLE-OBFUSCATION

Description

Identifies PowerShell instances that possibly contain obfuscated code.

ATT&CK Technique T1086

==================================================

CREATED: WIN-CMD-POSSIBLE-OBFUSCATION

Description

Identifies command shell instances that possibly contain obfuscated code.

ATT&CK Technique T1059

==================================================

CREATED: WIN-PYTHON-POSSIBLE-OBFUSCATION

Description

Identifies Python instances that possibly contain obfuscated code.

ATT&CK Technique T1064

==================================================

CREATED: WIN-LSASS-PE-WRITE

Description

Identifies the Local Security Authority Subsystem Service (LSASS) writing an executable file to disk.

==================================================

CREATED: INTEL-RL-REPUTATION-MALICIOUS

Description

Identifies processes flagged as malicious by Reversing Labs.

==================================================

CREATED: INTEL-RL-REPUTATION-SUSPICIOUS

Description

Identifies processes flagged as malicious by Reversing Labs.